Mandiant: 1 in 7 Ransomware Extortion Attacks Exposes OT Data
Analysis of "shaming site" data dumps found sensitive documentation from OT organizations, including oil and gas.
Ransomware gangs often up their game by extorting their victims on so-called shaming sites, where they dump the stolen information to pressure the victims to pony up and pay ransom. According to a new analysis of these attacks by incident response provider Mandiant, one in seven of those extortion incidents exposes sensitive operational technology (OT) information stolen from industrial victims in the attacks.
Mandiant says more than 1,300 OT organizations in critical infrastructure and industrial production were hit by these so-called "multifaceted extortion" attacks in 2021. In a sampling of those victim cases, Mandiant said stolen OT data included detailed network and process documentation from two oil and gas organizations; admin credentials for an OEM to a manufacturer of trains, as well as backups for Siemens TIA Portal PLC project files; and product diagrams and source code for a platform that tracks automobile fleets via GPS for a satellite vehicle-tracking service provider, among other sensitive documents.
"Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber physical attacks. On top of this, other data also included in the leaks about employees, processes, projects, etc. can provide an actor with a very accurate picture of the target’s culture, plans, and operations," Mandiant said in its report.
The Mandiant report is available online.